Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP LTM
Known Affected Versions:
11.4.0, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10
Fixed In:
11.6.0, 11.5.2
Opened: Apr 30, 2014
Severity: 4-Minor
Related Article:
K19551223
LTM Policy rule ordinal values for ensuring which rules are considered first, second, and so on, can evaluate in other than the configured order.
Unexpected policy actions might be invoked if an out-of-order rule matches the conditions.
If the ordinal value associated with a policy rule is larger than 65536, then there is potential for rules to be evaluated in a different order than expected.
Using the GUI, drag-and-drop rules into desired order, and the system saves the policy rules using within-range ordinals. Alternatively, edit the configuration to make all ordinals fall below 65536. You can do so manually, or by using a script similar to the following: perl -pe 's/000/0/ if (/ordinal\s+\d+/);' /config/bigip.conf > /config/bigip.conf.fixed. Important: Before executing a Perl script, make sure you are familiar with the kinds of changes the script generates.
Policy rules are now evaluated in the expected order.